This (0x1273F11F) replaces my previous key (0x7D69EE91), and you should now get warnings when using the old one… assuming that you can update keys from the key servers at some point in the future.

On macOS i’ve been using GPG Tools, and had considered giving them money to continue to use it. However, having watched a 35c3 talk titled, “Attacking end-to-end email encryption” which covers all the ways that PGP is broken in mail clients (“except mutt!”) i’m more convinced than ever that secure mail with PGP is essentially a disaster waiting to happen.

Signal, despite its lack of UI / UE polish, remains a much better option if you can get the other party to agree to use it. If you have to send and receive PGP mail of any import, do as the experts suggest and compose it outside of a mail client. And, for the love of gub, don’t do it anywhere near a browser!

I’ve only had it installed for a couple of days and stability isn’t terrible (one or two related crashes i think…) Up until that point i’d been living out of the services menu, which isn’t bad until you need to deal with attachments, and need other command line tools to decode / extract mime parts. Even then it’s not that bad, and will always be free.

Edit: the notes on setting up GPGTools Services are here, and the command line tool for mime is ‘ripmime’.
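As an added example (not the author's code and not part of GPGTools or ripmime), here is one way to pull the ciphertext part out of a saved PGP/MIME message so it can be decrypted in a terminal rather than in a mail client. The sample message is constructed, and the function names `pgp_parts` and `save_parts` are hypothetical.

```python
import email
import os
from email import policy

ARMOR = b"-----BEGIN PGP MESSAGE-----"
# Constructed sample, not a real message: RFC 3156 PGP/MIME layout with
# dummy bytes in place of ciphertext and a hostile attachment filename.
SAMPLE = b"""\
From: alice@example.org
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1

--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="../../encrypted.asc"

-----BEGIN PGP MESSAGE-----

ZHVtbXk=
-----END PGP MESSAGE-----
--b1--
"""

def pgp_parts(raw):
    """Return [(safe_filename, payload_bytes)] for each armored ciphertext part."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    out = []
    for i, part in enumerate(msg.walk()):
        data = b"" if part.is_multipart() else part.get_payload(decode=True) or b""
        if ARMOR not in data:
            continue  # skips the "Version: 1" control part and ordinary text
        # Never trust the sender's filename: drop directories and leading dots.
        name = os.path.basename(part.get_filename() or "").lstrip(".") or f"part{i}.asc"
        out.append((name, data))
    return out

def save_parts(raw, outdir):
    """Write ciphertext parts into outdir and return the paths written."""
    os.makedirs(outdir, exist_ok=True)
    paths = []
    for name, data in pgp_parts(raw):
        paths.append(os.path.join(outdir, name))
        with open(paths[-1], "wb") as fh:
            fh.write(data)
    return paths
```

Each saved file can then be passed to `gpg --decrypt` from the terminal.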

The usual dance. You upgrade an OS X release and your Mail.app plugins get disabled. As they are working with unpublished APIs this isn’t in the least bit surprising. Apple really should get their act together and make Mail.app easily extensible – if they can’t include PGP support by default, at least make it easy for the good people that do. Changing the API between beta and GA is a dick move.

If you followed the link above you’ll know that the GPGTools mail bundle is moving to a paid model. That seems like a sensible decision to me. When they get that system set up i’ll pay. In the meantime i wanted to see how easy it was to build from the source. It’s not bad, but it doesn’t get you a working mail bundle.

IMPORTANT: the below won’t give you working GPGMail in Mail.app!! It just shows you how to build and install the currently broken version.

The above will build everything but fail to create the actual bundles due to an issue with signing. To fix that open the Xcode project:

$ open ./GPGMail.xcodeproj

In the ‘Navigate’ menu, select ‘Reveal in Project Navigator’. Open the GPGMail project in the leftmost pane, and select the ‘GPGMail_Updater.xcodeproj’ target. In the centre pane, in the ‘Identity’ section, change the ‘Signing’ to ‘None’. The project seems to auto-save on close… no idea, i’m not an Xcode user.

Now go back to the terminal and reexecute the ‘make’ command.

To manually install the bundle, close Mail.app, and execute the following:

$ cp -r ./build/Release/GPGMail.mailbundle ~/Library/Mail/Bundles/

And restart Mail.app. It should tell you that the bundle is incompatible and is being disabled. This is the part that the GPGTools developers are working on fixing.